If you are writing your own authentication code, you must implement the security procedures described in this article to enable your bot to exchange messages with the Bot Connector service.Important If you are writing your own authentication code, it is critical that you implement all security procedures correctly.

To prepare for this change, the below steps outline how to check for both the v3.1 and v3.2 issuer values.

Likewise, when the Connector service sends a request to your bot, it must include information that the bot can use to verify its identity.

This article describes the authentication technologies and requirements for the service-level authentication that takes place between a bot and the Bot Connector service.

Your bot communicates with the Bot Connector service using HTTP over a secured channel (SSL/TLS).

When your bot sends a request to the Connector service, it must include information that the Connector service can use to verify its identity.

Do NOT send the token over unsecured channels and do NOT include it in HTTP requests that you send to other services.